Password Expiration Notifier return the following error instead of sending notifications:
Failed to obtain password expiration settings for the domain. The “Maximum Password Age” setting is not specified for the domain.
Password Expiration Notifier uses the Maximum Password Age value from Password policy to determine the password expiration date.
If the Maximum Password Age is not defined or set to 0 (for example in case the Fine Grained password policy in the domain) then Password Expiration Notifier is not able to determine the password expiration date and returns the above error.
Password Expiration Notifier is not able to work in mixed mode, it can either use default general Maximum Password Age policy, or Fine Grained policy.
To resolve the issue either enable Fine Grained Password policy support in Password Expiration Notifier or configure the Maximum Password Age policy.
To enable Fine Grained Password policy support in Password Expiration Notifier:
- Launch Netwrix Management Console
- Navigate to Managed objects – %your domain MO% – Password Expiration Notifier in the left pane
- In the right pane click Configure Advanced settings
- In a pop-up windows Advanced settings enable Only report on users with Fine Grained Policy settings checkbox
- Click OK to apply changes
To set Maximum Password Age policy for the domain:
- Launch Group Policy Management
- Edit the appropriate GPO (for example, Default Domain Policy)
- Navigate to Computer Configuration – Policies – Windows settings – Security settings – Account policies – Password policies
- In the right pane define the Maximum password age value
- Update policies, for example run gpupdate /force command